Validate LDDW second-half instruction fields #764
ppx123-web wants to merge 1 commit into iovisor:main from
Signed-off-by: GOD_PPX <1251887477@qq.com>
Pull request overview
This PR tightens uBPF’s instruction validation to fully enforce the RFC 9669 requirements for the second half of an LDDW (64-bit immediate load), preventing malformed programs from loading successfully.
Changes:
- Add validation that the second half of `LDDW` has `dst == 0`, `src == 0`, and `offset == 0`.
- Add a new negative test case covering an `LDDW` second-half instruction with a non-zero `dst` field.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| `vm/ubpf_vm.c` | Strengthens LDDW validation by enforcing zeroed register/offset fields in the second half. |
| `tests/errors/err-lddw-second-half-invalid.data` | Adds regression coverage ensuring malformed LDDW second halves are rejected with the expected error. |
| if (i + 1 >= num_insts || insts[i + 1].opcode != 0) { | ||
| *errmsg = ubpf_error("incomplete lddw at PC %d", i); | ||
| return false; | ||
| } | ||
| if (insts[i + 1].dst != 0 || insts[i + 1].src != 0 || insts[i + 1].offset != 0) { | ||
| *errmsg = ubpf_error("invalid lddw second half at PC %d", i + 1); |
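Review bot: The combined condition `insts[i + 1].dst != 0 || insts[i + 1].src != 0 || insts[i + 1].offset != 0` produces the same "invalid lddw second half at PC %d" message whichever field is non-zero, so a failing program does not say which field was wrong. Consider naming the offending field in the message. The overview lists a negative test only for a non-zero dst, so the src and offset arms of this condition have no visible coverage; add one test case for each.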
The incomplete lddw at PC %d error is also returned when insts[i+1].opcode != 0, which isn’t an “incomplete” LDDW but an invalid second-half instruction. Consider splitting the condition so the out-of-range case reports "incomplete lddw" while the opcode-mismatch case reports "invalid lddw second half" (at PC i+1) to make failures easier to diagnose and align with the expected semantics of the LDDW second half.
Patch for issue 757
Fix the lddw instruction validation.
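The second-half rule described in the overview, as an added example that is not uBPF's code: a standalone C validator that returns a distinct status for each way the second slot can be malformed. The struct layout (little-endian encoding), status names and sample programs are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define OP_LDDW 0x18 /* BPF_LD | BPF_IMM | BPF_DW */
#define OP_EXIT 0x95

/* One 8-byte eBPF instruction slot; regs holds dst (low nibble) and src (high nibble). */
struct insn { uint8_t opcode; uint8_t regs; int16_t offset; int32_t imm; };

enum lddw_status { LDDW_OK, LDDW_TRUNCATED, LDDW_BAD_OPCODE,
                   LDDW_BAD_DST, LDDW_BAD_SRC, LDDW_BAD_OFFSET };

/* Check the slot after an LDDW at index i: only its imm may be non-zero. */
static enum lddw_status check_second_half(const struct insn *p, size_t n, size_t i)
{
    if (i + 1 >= n) return LDDW_TRUNCATED;          /* no second slot at all */
    if (p[i + 1].opcode != 0) return LDDW_BAD_OPCODE;
    if ((p[i + 1].regs & 0x0f) != 0) return LDDW_BAD_DST;
    if ((p[i + 1].regs >> 4) != 0) return LDDW_BAD_SRC;
    if (p[i + 1].offset != 0) return LDDW_BAD_OFFSET;
    return LDDW_OK;
}

/* Walk a program; on failure store the offending PC in *bad_pc. */
enum lddw_status validate_lddw(const struct insn *p, size_t n, size_t *bad_pc)
{
    for (size_t i = 0; i < n; i++) {
        if (p[i].opcode != OP_LDDW) continue;
        enum lddw_status st = check_second_half(p, n, i);
        if (st != LDDW_OK) {
            *bad_pc = (st == LDDW_TRUNCATED) ? i : i + 1;
            return st;
        }
        i++; /* the second slot is immediate data, so skip it */
    }
    return LDDW_OK;
}

/* Constructed sample programs: lddw r1, imm64 ; exit */
const struct insn GOOD[]    = {{OP_LDDW, 0x01, 0, 1}, {0, 0x00, 0, 2}, {OP_EXIT, 0, 0, 0}};
const struct insn BAD_DST[] = {{OP_LDDW, 0x01, 0, 1}, {0, 0x01, 0, 2}, {OP_EXIT, 0, 0, 0}};
const struct insn BAD_SRC[] = {{OP_LDDW, 0x01, 0, 1}, {0, 0x10, 0, 2}, {OP_EXIT, 0, 0, 0}};
const struct insn BAD_OFF[] = {{OP_LDDW, 0x01, 0, 1}, {0, 0x00, 4, 2}, {OP_EXIT, 0, 0, 0}};
const struct insn BAD_OP[]  = {{OP_LDDW, 0x01, 0, 1}, {OP_EXIT, 0, 0, 0}};

int main(void)
{
    size_t pc = 0;
    printf("good=%d bad_dst=%d\n", validate_lddw(GOOD, 3, &pc), validate_lddw(BAD_DST, 3, &pc));
    return 0;
}
```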